diff --git a/example/.gitignore b/example/.gitignore
new file mode 100644
index 0000000..98d8a5a
--- /dev/null
+++ b/example/.gitignore
@@ -0,0 +1 @@
+logs
diff --git a/example/Caddyfile b/example/Caddyfile
index 913a83f..ed5c9d3 100644
--- a/example/Caddyfile
+++ b/example/Caddyfile
@@ -21,7 +21,7 @@
 		SecDefaultAction "phase:4,log,auditlog,pass"
 		SecDefaultAction "phase:5,log,auditlog,pass"
 		SecRuleEngine On
-		SecDebugLog /dev/stdout
+		SecDebugLog /home/coraza/logs/debug.log
 		SecDebugLogLevel 9
 		SecRule REQUEST_URI "@streq /admin" "id:101,phase:1,t:lowercase,deny,status:403"
 		SecRule REQUEST_BODY "@rx maliciouspayload" "id:102,phase:2,t:lowercase,deny,status:403"
@@ -29,6 +29,9 @@
 		SecResponseBodyAccess On
 		SecResponseBodyMimeType application/json
 		SecRule RESPONSE_BODY "@contains responsebodycode" "id:104,phase:4,t:lowercase,deny,status:403"
+		SecAuditEngine On
+		SecAuditLog /home/coraza/logs/audit.log
+		SecAuditLogFormat json
 		`
 	}
 
diff --git a/example/docker-compose.yml b/example/docker-compose.yml
index 457327f..f4e1203 100644
--- a/example/docker-compose.yml
+++ b/example/docker-compose.yml
@@ -7,15 +7,6 @@ services:
     ports:
       - 8081:8081
 
-  chown:
-    image: alpine:3.20
-    command:
-      - /bin/sh
-      - -c
-      - chown -R 101:101 /home/caddy/logs
-    volumes:
-      - logs:/home/caddy/logs:rw
-
   caddy:
     depends_on:
       - httpbin
@@ -23,35 +14,9 @@ services:
       context: ..
       dockerfile: ./example/Dockerfile
     volumes:
-      - logs:/home/caddy/logs:rw
+      - ./logs:/home/coraza/logs:rw
       - ./403.html:/etc/caddy/custom-pages/403.html:ro
     ports:
       - 8080:8080
     environment:
       - HTTPBIN_HOST=httpbin
-
-  caddy-logs:
-    depends_on:
-      - caddy
-      - coraza-logs
-    image: debian:12-slim
-    entrypoint: bash
-    command:
-      - -c
-      - tail -c +0 -f /home/caddy/logs/caddy.log
-    volumes:
-      - logs:/home/caddy/logs:ro
-
-  coraza-logs:
-    depends_on:
-      - caddy
-    image: debian:12-slim
-    entrypoint: bash
-    command:
-      - -c
-      - tail -c +0 -f /home/caddy/logs/caddy.log | grep --line-buffered "http.handlers.waf"
-    volumes:
-      - logs:/home/caddy/logs:ro
-
-volumes:
-  logs:
diff --git a/magefile.go b/magefile.go
index 3e25a0d..184e0f6 100644
--- a/magefile.go
+++ b/magefile.go
@@ -188,7 +188,7 @@ func BuildExample() error {
 
 // RunExample spins up the test environment, access at http://localhost:8080. Requires docker.
 func RunExample() error {
-	return sh.RunV("docker", "compose", "--file", "example/docker-compose.yml", "up", "-d", "caddy-logs")
+	return sh.RunV("docker", "compose", "--file", "example/docker-compose.yml", "up", "-d", "caddy")
 }
 
 // TeardownExample tears down the test environment. Requires docker.